Implementations should override the default destroy and
isDestroyed methods from the
javax.security.auth.Destroyable interface to enable
sensitive key information to be destroyed, cleared, or in the case
where such information is immutable, unreferenced.
Finally, since PrivateKey is Serializable, implementations
should also override
java.io.ObjectOutputStream.writeObject(java.lang.Object)
to prevent keys that have been destroyed from being serialized.